Panoptis: A project to detect and block DoS/DDoS attacks

A couple of words...

...before we get on to the details: Panoptis has not been developed for
three years now. The ideas are still valid so it should work, more or less.
Just don't expect fancy interfaces -- it is quite rough around the edges.
As much as I would love to, I do not have the time to
continue working on this fabulous project. I'm glad enough that I found the
chance, after three years, to update it so that it compiles and runs on
more recent systems. I am always open to any comments though, so don't
hesitate to drop me a line if you have something to ask or say.

What is Panoptis?

Panoptis is a project started some time ago, with the aim of stopping
the Denial of Service and Distributed Denial of Service attacks that
have been torturing the Internet for the last few years. It is based
on real-time processing of Cisco (R) NetFlow (TM) data, since this seems
to be the most efficient approach as it is router-centric, allowing
for automated central response without intervention from the
affected organizations' network administrators.

Current status

Panoptis is now in a beta stage, and released under the
GNU Public License.

At the moment, Panoptis detects the attacks (it is quite successful
at that), and uses the mail.py script to notify the administrators
through email that an attack has started (or ended). It also
connects to potential peers to notify them.

You can download the source code (0.1.4 release) and compile/run it.
There is also a SourceForge project page over here.

If an attack takes place but panoptis outputs
nothing, email me and let me know (if you are using it along with
other packages like cflowd and can provide me with any diagrams
and other data, that would be really great). Also, let me know
if panoptis reports an attack but there's really no attack going on.

"You can't really stop DoS/DDoS attacks"

*WE* can :) There is code already added to Panoptis that aims at
creating a mesh of detectors that cooperate to trace back attacks.
The code is neither activated nor tested yet, but it is a priority
for the short-term future.